Seeker Posted September 27, 2008 Share Posted September 27, 2008 fyi, I just received a different phishing email. Preposterously worded of course, but being received the morning after I had renewed my account was a bit weird. Dear Spamcop Webmail Subscriber This message is to inform all our {Spamcop} webmail users that we will be maintaining and upgrading our website in a couple of days from now. As a Subscriber you are required to send us your Email account details to enable us know if you are still making use of your mail box. Be informed that we will be deleting all mail account that is not functioning to enable us create more space for new users, You are to send your mailaccount details which are as follows: *User Name: *Password: *Date of birth: You can also confirm your email address by logging into your account at https://webamil.spamcop.net/ before sending us the required information. WARNING: Any of our webmail user that refuses to send his/her verification details within the next seven(7) days of receiveing this message and failed to respond will be deleted immedately from our database. Verification code: Spamcop:0090-009 Thank you for using Spamcop! >From The Spamcop Support Team. © Spamcop Support Team Link to comment Share on other sites More sharing options...
g4mby Posted September 27, 2008 Share Posted September 27, 2008 Remove the spelling and grammar mistakes and it might, just might make this one a little more believable. Like most phishes I receive the originators drastically reduce their rate of success with poorly worded content although the chances of catching out a SpamCop user with this must surely be nil! Even SpamCop is not capitalised correctly. Link to comment Share on other sites More sharing options...
Farelf Posted September 27, 2008 Share Posted September 27, 2008 A number of webmail services are currently being phished it seems and, going by the previous attempts, even a few SC account holders will fall for it. Sad, but seemingly inevitable. An interesting thing would be the 'drop-box' that is being used in such cases, the "Reply-To:" address. Link to comment Share on other sites More sharing options...
Seeker Posted September 27, 2008 Author Share Posted September 27, 2008 There were several clues that this message was bogus. A Reply-To address in South Africa, can't even spell "webmail" correctly in the URL! The text stinks of English-is-not-native-language. Link to comment Share on other sites More sharing options...
vilain Posted January 16, 2009 Share Posted January 16, 2009 They're at it again. I just got a spam from HYPERMAIL that's almost identical to the one in the original post: http://mailsc.spamcop.net/mcgi?action=gett...rtid=3792851118 So either this worked last time they tried it or there's one lazyass spammer out there. Link to comment Share on other sites More sharing options...
Farelf Posted January 16, 2009 Share Posted January 16, 2009 http://mailsc.spamcop.net/mcgi?action=gett...rtid=3792851118 Thanks for the 'heads up' - but only you (and presumably SC staff) can see that report. For public consumption it needs to be a tracking URL which you can recover from the report (at the top of the parse - "Here is your TRACKING URL - it may be saved for future reference: ..."). And, sadly, some were caught by previous attempts and assuredly some will be caught by this one too. But none will be caught who heed your timely warning Yes, of course spammers are (also) lazy. If it were otherwise the little sods would own the observable universe by now (well, would share it with Bill Gates, anyway). Link to comment Share on other sites More sharing options...
cherrick Posted February 4, 2009 Share Posted February 4, 2009 I hope everyone who sees this in their inbox realizes it's b*llsh*t: " Dear spamcop.net Subscriber, We are currently carrying-out a maintenance process to your spamcop.net account to fight against spam MAILS,to complete this process and if you are the rightful owner of this account you required to reply with below information of your email User Name here:(**********) Password here(**********) Failure to summit your spamcop.net details, will render your email address in-active from our database. NOTE: You will RECEIVE a password reset message in next two (2) working days after undergoing this process for security reasons. Thank you for using spamcop.net! THE spamcop.net TEAM " Moderator Edit: Merged into existing Topic/Discussion on the same Subject. Link to comment Share on other sites More sharing options...
SkipHuffman Posted April 16, 2009 Share Posted April 16, 2009 Still active. I just got this one. gmail account this time. Dear SPAMCOP.NET Email Owner, This message is from SPAMCOP.NET messaging center to all PAMCOP.NET Email owners. We are currently upgrading our data base and e-mail center. We are deleting all unused SPAMCOP.NET email to create more space for new one.To prevent your account from closing you will have to update it below so that we will know that it's a present used account. However USC has been receiving complaints from our customers for unauthorised use of the SPAMCOP.NET Email. As a result remaking an extra security check on all of our Customers mailbox in order to protect their information from theft and fraud. Warning!!! Email owner that refuses to update his or her Email,within two days of receiving this warning will lose his or her Email permanently. You are require to send us the below information Requested Information Email Username : .......... ..... Email Password : ................ Date of Birth : ................ Country or Territory : .......... Thanks for your co-operation. Copyright [at]2009 SPAMCOP.NET All rights reserved Link to comment Share on other sites More sharing options...
agsteele Posted April 16, 2009 Share Posted April 16, 2009 Yes, I got my first ever today to my SC mailbox... :-( Ironically it was the only spam item received overnight that made it through grey-listing, SpamAssassin checks, block list checks and into my mailbox Andrew Link to comment Share on other sites More sharing options...
petzl Posted April 16, 2009 Share Posted April 16, 2009 Yes, I got my first ever today to my SC mailbox... :-( Ironically it was the only spam item received overnight that made it through grey-listing, SpamAssassin checks, block list checks and into my mailbox http://www.spamcop.net/sc?id=z2796589541z7...;action=display Mine was blocked and reported also reported the reply address Link to comment Share on other sites More sharing options...
Lking Posted April 16, 2009 Share Posted April 16, 2009 I wonder if they are actually bright enough to coordinate the attack with the maintenance window scheduled for today? No, no, no. The human mind is always looking for patterns to explain events, even random events. That also points out something about the spammer's mind. They're not 'human enough' to always do the pattern matching for s-p-a-m-c-o-p correctly. Link to comment Share on other sites More sharing options...
cherrick Posted April 16, 2009 Share Posted April 16, 2009 Same email, just in on 16-4 From: header says "Spamcop.net Team Support" <teamsupporttelenets4[at]gmail.com> ReplyTo: header resolves to the same. ... going right to /dev/null Link to comment Share on other sites More sharing options...
cherrick Posted May 1, 2009 Share Posted May 1, 2009 New phish hit my in box. Replyto: field is webmailupgrader[at]consultant.com Body: is "Quoting Spamcop Webmail Notice <webmail.upgrade[at]spamcop.net>: > Dear Spamcop Webmail Account Owner, > We are currently performing maintenance for Our Spamcop > Digital Webmail Customers.We intend upgrading our Digital > Webmail Security Server for better online services. We are > canceling unused Spamcop webmail email account to create > more space for new accounts.To prevent your account from > closing you will have to update it below to know it's status > as a currently used account. > > CONFIRM YOUR EMAIL IDENTITY BELOW > Email Username :===================================== > Email Password :===================================== > Date of Birth :====================================== > > Warning!!! Any account owner that refuses to update his/her > webmail account within three (3) days of this update > notification will loose his/her account permanently. > > Thank You For Your Support " Link to comment Share on other sites More sharing options...
Ricardo Posted May 1, 2009 Share Posted May 1, 2009 Today (1-May-2009), I received another PHISH e-mail message (in my SpamCop mailbox) to get my SpamCop username and password. The "From:" header in the message reads as "Spamcop Webmail Notice <webmail.upgrade[at]spamcop.net>" but the "Reply-To:" is "webmailupgrader[at]consultant.com". I have already reported it through SpamCop Reporting form (the report was sent to postmaster[at]ibw.com): Return-Path: <webmail.upgrade[at]spamcop.net> Delivered-To: spamcop-net-MUNGED[at]spamcop.net Received: (qmail 32767 invoked from network); 1 May 2009 16:12:29 -0000 X-spam-Checker-Version: SpamAssassin 3.2.4 (2008-01-01) on filter7 X-spam-Level: X-spam-Status: hits=0.0 tests=none version=3.2.4 Received: from unknown (192.168.1.86) by filter7.cesmail.net with QMQP; 1 May 2009 16:12:29 -0000 Received: from tk.ibw.net (HELO tk.ibw.com.ni) (200.85.160.21) by mxin2.cesmail.net with SMTP; 1 May 2009 16:12:13 -0000 X-ASG-Debug-ID: 1241194346-7d1d039c0000-B5XM8f X-Barracuda-URL: http://200.85.160.21:8000/cgi-bin/mark.cgi Received: from nicaraguense.ibw.com.ni (localhost [127.0.0.1]) by tk.ibw.com.ni (spam Firewall) with ESMTP id 9BFE31788120; Fri, 1 May 2009 10:12:26 -0600 (CST) Received: from nicaraguense.ibw.com.ni (nicaraguense.ibw.com.ni [200.85.160.12]) by tk.ibw.com.ni with ESMTP id ToK5gz4rSIDdvLAu; Fri, 01 May 2009 10:12:26 -0600 (CST) X-Barracuda-Envelope-From: webmail.upgrade[at]spamcop.net Received: from mailhost.ibw.com.ni (tiscapa.ibw.com.ni [200.85.160.3]) by nicaraguense.ibw.com.ni (8.12.11/8.12.9) with SMTP id n41GCQmm002175; Fri, 1 May 2009 10:12:26 -0600 (GMT) Message-Id: <2009___________________2175[at]nicaraguense.ibw.com.ni> X-Barracuda-BBL-IP: 200.85.160.3 X-Barracuda-RBL-IP: 200.85.160.3 X-Priority: Sensitivity: Company-Confidential From: Spamcop Webmail Notice <webmail.upgrade[at]spamcop.net> Reply-To: webmailupgrader[at]consultant.com Organization: Spamcop Webmail Notice To: x X-ASG-Orig-Subj: Spamcop Email Verification Subject: Spamcop Email Verification Date: Fri, 1 May 2009 11:12:26 -0500 MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Barracuda-Connect: nicaraguense.ibw.com.ni[200.85.160.12] X-Barracuda-Start-Time: 1241194346 X-Barracuda-Virus-Scanned: by Barracuda spam & Virus Firewall at ibw.com.ni X-SpamCop-Checked: 200.85.160.21 200.85.160.12 200.85.160.3 Dear Spamcop Webmail Account Owner, We are currently performing maintenance for Our Spamcop Digital Webmail Customers.We intend upgrading our Digital Webmail Security Server for better online services. We are canceling unused Spamcop webmail email account to create more space for new accounts.To prevent your account from closing you will have to update it below to know it's status as a currently used account. CONFIRM YOUR EMAIL IDENTITY BELOW Email Username :===================================== Email Password :===================================== Date of Birth :====================================== Warning!!! Any account owner that refuses to update his/her webmail account within three (3) days of this update notification will loose his/her account permanently. Thank You For Your Support Link to comment Share on other sites More sharing options...
Ricardo Posted May 1, 2009 Share Posted May 1, 2009 Hi Cherrick, You wrote: New phish hit my in box. Replyto: field is webmailupgrader[at]consultant.com Body: is "Quoting Spamcop Webmail Notice <webmail.upgrade[at]spamcop.net>: [snip] " Right. I received that PHISHING message today (1-May-2009) in my SpamCop mailbox, as well. The content and e-mail addresses used were the same ones that you got (webmailupgrader[at]consultant.com in the "Reply-To:" header and "webmail.upgrade[at]spamcop.net" in the "From:" header). Regarding this, you may check the post (Post #13) that I wrote a few minutes ago, in this same forum ("SpamCop Email System & Accounts") for the discussion "New Spamcop Phishing": http://forum.spamcop.net/forums/index.php?...ost&p=71168 Cheers! Link to comment Share on other sites More sharing options...
Farelf Posted May 2, 2009 Share Posted May 2, 2009 Well, the good news is that particular reply-to has been deactivated: [Resolving consultant-com.mr.outblaze.com...] [Contacting consultant-com.mr.outblaze.com [208.36.123.58]...] [Connected] 220 spf11.us4.outblaze.com ESMTP Postfix EHLO hexillion.com 250-spf11.us4.outblaze.com 250-PIPELINING 250-SIZE 31457280 250-ETRN 250 8BITMIME NOOP *** See <http://www.hexillion.com/MailAdmin/> for an explanation of this session 250 Ok NOOP *** HexValidEmail COM 1.4.12 <5c31a8fa73d35685c3baa1e0430da151bdc52a85> 250 Ok RSET 250 Ok MAIL FROM:<HexValidEmail[at]hexillion.com> 250 Ok RCPT TO:<webmailupgrader[at]consultant.com> 550 <webmailupgrader[at]consultant.com>: Account Deactivated [Address has been rejected] RSET 250 Ok QUIT 221 Bye [Connection closed] Link to comment Share on other sites More sharing options...
cherrick Posted May 5, 2009 Share Posted May 5, 2009 Reply-To: header resolves to: "upgrade[at]spamcop.net" <webmail.upgrade2[at]consultant.com> ----- Forwarded message from howell1[at]dodo.com.au ----- Date: Wed, 6 May 2009 8:59:05 +1000 From: "upgrade[at]spamcop.net" <howell1[at]dodo.com.au> Reply-To: "upgrade[at]spamcop.net" <webmail.upgrade2[at]consultant.com> Subject: Attn: Spamcop.net Webmail User! Dear spamcop.net Webmail User, We are really sorry for the inconvenience we are making you pass through,we are having problem with our database due to our recent upgrade and we can not find your data. Please we need to rectify this problem before the next 24-hours if not, you may not be able to send or receive email with your spamcop.net Webmail e-mail address. Please provide your account details below so we can rectify this problem as soon as possible: Username/ e-mail: PASSWORD: COUNTRY: NOTE: Your data and information will not be tampered or interfered with, We'll just record your data back into our database and send you a new confirmation alphanumerical password that will only be valid during this period and can be changed after this process. Please respond to this notice to enable us provide you better online services. ________________________________________________ This message was sent using Dodo Webmail - www.dodo.com.au ----- End forwarded message ----- Link to comment Share on other sites More sharing options...
rconner Posted May 6, 2009 Share Posted May 6, 2009 Your data and information will not be tampered or interfered with, We'll just record your data back into our database and send you a new confirmation alphanumerical password that will only be valid during this period and can be changed after this process. Reminds me of an old Bob & Ray PSA about how the Bob & Ray bank lost all of its records, and would depositors please stop by and tell them how much they had in their accounts (no cheating, please). -- rick Link to comment Share on other sites More sharing options...
Farelf Posted May 6, 2009 Share Posted May 6, 2009 Reply-To: header resolves to: "upgrade[at]spamcop.net" <webmail.upgrade2[at]consultant.com> And that one hasn't been deactivated at this time: RCPT TO:<webmail.upgrade2[at]consultant.com> 250 Ok (no flooding it now, play nice ) Link to comment Share on other sites More sharing options...
dra007 Posted May 6, 2009 Share Posted May 6, 2009 (no flooding it now, play nice ) no, but I will certainly register it with a few spamming sites.. Link to comment Share on other sites More sharing options...
SpamCopAdmin Posted May 16, 2009 Share Posted May 16, 2009 Another Phishing run has started. The spammer is trying to get your SpamCop username and password, plus other personal info. Moderators: Please feel free to move this post, delete it, or whatever. - Don D'Minion - SpamCop Admin - Link to comment Share on other sites More sharing options...
DavidT Posted May 16, 2009 Share Posted May 16, 2009 Thanks for the "alert," Don. Unfortunately, the people most likely to fall for the phish probably never visit these forums, but there's always hope. I suppose JT could broadcast a message to all users, advising them of these repeated phishing attempts and that they should never give their information up. DT Link to comment Share on other sites More sharing options...
Wazoo Posted May 16, 2009 Share Posted May 16, 2009 Moderators: Please feel free to move this post, delete it, or whatever. Merged into the existing Topic/Discussion on the same subject matter. Link to comment Share on other sites More sharing options...
agsteele Posted July 14, 2009 Share Posted July 14, 2009 Looks like a new phishing run has started.... Apart from the obvious text the real giveaway was an entirely improbable senders address. Be vigilant Dear SpamCop Webmail online Email Account Owner, Important notice, harmful virus was detected in your account which can be harmful to our subscriber unit.You are to enter your Username and Password here {____________, __________} to enable us set in an anti virus in your user account to clear up this virus. we do need your co-operation in this, Providing us with this information we enable us insert in your account an anti virus machine for clean up. Andrew Link to comment Share on other sites More sharing options...
cherrick Posted July 22, 2009 Share Posted July 22, 2009 Just got the new Phishing expedition trying to hit spamcop.net users: Date: Thu, 23 Jul 2009 02:15:44 +0800 [01:15:44 PM CDT] From: SPAMCOP SUPPORT TEAM <helpdesk[at]spamcop.net>Add helpdesk[at]spamcop.net to my Address Book To: undisclosed-recipients:; Reply-To: verification_teamss12[at]yahoo.com.hkAdd verification_teamss12[at]yahoo.com.hk to my Address Book Subject: FINAL ACCOUNT UPDATE!!! Headers: Show All Headers Dear spamcop.net Subscriber, We are currently carrying-out a mantainace process to your spamcop.net account, to complete this, you must reply to this mail immediately, and enter your User Name here (,,,,,,,,) And Password here (.......) if you are the rightful owner of this account. This process we help us to fight against spam mails.Failure to summit your password, will render your email address in-active from our database. NOTE: If your have done this before, you may ignore this mail. You will be send a password reset messenge in next seven (7) working days after undergoing this process for security reasons. Thank you for using spamcop.net! THE SPAMCOP TEAM Subject: line is: FINAL ACCOUNT UPDATE!!! Reply-to: line is: verification_teamss12[at]yahoo.com.hk If anyone wants the headers I'll do a forward. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.